On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4
History

Tue, 10 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache streampark
CPEs cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache streampark

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-18T11:15:56.706Z

Updated: 2024-08-02T01:10:54.085Z

Reserved: 2024-03-18T16:34:46.011Z

Link: CVE-2024-29178

cve-icon Vulnrichment

Updated: 2024-08-02T01:10:54.085Z

cve-icon NVD

Status : Modified

Published: 2024-07-18T12:15:02.960

Modified: 2024-11-21T09:07:44.080

Link: CVE-2024-29178

cve-icon Redhat

No data.